Defender Standards

Low Impact

Standard Name

Description

Recommended By

PowerShell Equivalent

APIName

Default Anti-Phishing Policy

This creates a Anti-Phishing policy that automatically enables Mailbox Intelligence and spoofing, optional switches for Mailtips.

"CIS"

Set-AntiphishPolicy or New-AntiphishPolicy

AntiPhishPolicy

Default Atp Policy For O365

This creates a Atp policy that enables Defender for Office 365 for Sharepoint, OneDrive and Microsoft Teams.

"CIS"

Set-AtpPolicyForO365

AtpPolicyForO365

Default Malware Filter Policy

This creates a Malware filter policy that enables the default File filter and Zero-hour auto purge for malware.

"CIS"

Set-MalwareFilterPolicy or New-MalwareFilterPolicy

MalwareFilterPolicy

Quarantine Release Request Alert

Sets a e-mail address to alert when a User requests to release a quarantined message. This is useful for monitoring and ensuring that the correct messages are released.

New-ProtectionAlert and Set-ProtectionAlert

QuarantineRequestAlert

Default Safe Attachment Policy

This creates a Safe Attachment policy

"CIS"

Set-SafeAttachmentPolicy or New-SafeAttachmentPolicy

SafeAttachmentPolicy

Default SafeLinks Policy

This creates a safelink policy that automatically scans, tracks, and and enables safe links for Email, Office, and Teams for both external and internal senders

"CIS"

Set-SafeLinksPolicy or New-SafeLinksPolicy

SafeLinksPolicy

SharePoint Mass Deletion Alert

Sets a e-mail address to alert when a User deletes more than 20 SharePoint files within 60 minutes. This is useful for monitoring and ensuring that the correct SharePoint files are deleted. NB: Requires a Office 365 E5 subscription, Office 365 E3 with Threat Intelligence or Office 365 EquivioAnalytics add-on.

New-ProtectionAlert and Set-ProtectionAlert

SharePointMassDeletionAlert

Medium Impact

Standard Name

Description

Recommended By

PowerShell Equivalent

APIName

Add allowed domains to Spoof Intelligence

This adds allowed domains to the Spoof Intelligence Allow/Block List.

New-TenantAllowBlockListSpoofItems

PhishSimSpoofIntelligence

Phishing Simulation Configuration

This creates a phishing simulation policy that enables phishing simulations for the entire tenant.

New-TenantAllowBlockListItems, New-PhishSimOverridePolicy and New-ExoPhishSimOverrideRule

PhishingSimulations

Default Spam Filter Policy

This standard creates a Spam filter policy similar to the default strict policy.

New-HostedContentFilterPolicy or Set-HostedContentFilterPolicy

SpamFilterPolicy

Last updated 25 days ago

Was this helpful?